diff --git a/.travis.yml b/.travis.yml index 969a9af..8e9628f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,7 +22,7 @@ before_script: - sed -i -e 's/\(elasticsearch.username:\) elastic/\1 kibana/g' -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' kibana/config/kibana.yml - sed -i -e 's/\(xpack.monitoring.elasticsearch.username:\) elastic/\1 logstash_system/g' -e 's/\(xpack.monitoring.elasticsearch.password:\) changeme/\1 testpasswd/g' logstash/config/logstash.yml - sed -i 's/\(password =>\) "changeme"/\1 "testpasswd"/g' logstash/pipeline/logstash.conf - - sed -i 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' extensions/app-search/config/app-search.yml + - sed -i -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' -e 's/\(secret_management.encryption_keys:\)/\1 [test-encrypt]/g' extensions/enterprise-search/config/enterprise-search.yml - sed -i 's/\(password:\) changeme/\1 testpasswd/g' extensions/apm-server/config/apm-server.yml script: @@ -39,12 +39,13 @@ script: - docker-compose stop logstash kibana # Extensions - # App Search - - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml up -d app-search - - .travis/run-tests-app-search.sh - - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml ps - - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml logs app-search - - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml stop app-search + # Enterprise Search + - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml up -d enterprise-search + - sleep 30 + - .travis/run-tests-enterprise-search.sh + - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml ps + - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml logs enterprise-search + - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml stop enterprise-search # APM Server - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml up -d apm-server - .travis/run-tests-apm-server.sh @@ -56,7 +57,7 @@ script: - >- docker-compose -f docker-compose.yml - -f extensions/app-search/app-search-compose.yml + -f extensions/enterprise-search/enterprise-search-compose.yml -f extensions/apm-server/apm-server-compose.yml down -v diff --git a/.travis/lib/testing.sh b/.travis/lib/testing.sh index 4c535a0..1900868 100755 --- a/.travis/lib/testing.sh +++ b/.travis/lib/testing.sh @@ -12,9 +12,6 @@ function poll_ready { if [ "$#" -ge 3 ]; then args+=( '-u' "$3" ) fi - if [ "$#" -ge 4 ]; then - args+=( '-o' '/dev/null' ) - fi local label if [ "$MODE" == "swarm" ]; then diff --git a/.travis/run-tests-app-search.sh b/.travis/run-tests-enterprise-search.sh similarity index 76% rename from .travis/run-tests-app-search.sh rename to .travis/run-tests-enterprise-search.sh index ad74f84..3a5139d 100755 --- a/.travis/run-tests-app-search.sh +++ b/.travis/run-tests-enterprise-search.sh @@ -12,11 +12,11 @@ declare MODE="" log 'Waiting for readiness of Elasticsearch' poll_ready elasticsearch 'http://localhost:9200/' 'elastic:testpasswd' -log 'Waiting for readiness of App Search' -poll_ready app-search 'http://localhost:3002/login' ':' quiet +log 'Waiting for readiness of Enterprise Search' +poll_ready enterprise-search 'http://localhost:3002/api/ent/v1/internal/health' 'elastic:testpasswd' log 'Retrieving private key from Elasticsearch' -response="$(curl 'http://localhost:9200/.app-search-actastic-loco_moco_api_tokens/_search?q=name:private-key' -s -u elastic:testpasswd)" +response="$(curl 'http://localhost:9200/.ent-search-actastic-app_search_api_tokens/_search?q=name:private-key' -s -u elastic:testpasswd)" hits="$(jq -rn --argjson data "${response}" '$data.hits.hits')" echo "$hits" count="$(jq -rn --argjson data "${response}" '$data.hits.total.value')" diff --git a/extensions/enterprise-search/README.md b/extensions/enterprise-search/README.md index 1530a54..7624486 100644 --- a/extensions/enterprise-search/README.md +++ b/extensions/enterprise-search/README.md @@ -1,83 +1,119 @@ -# App Search extension +# Enterprise Search extension -Elastic App Search provides access to a set of robust APIs and people friendly dashboard controls to deliver amazing -search experiences, all backed by the Elastic Stack. +Elastic Enterprise Search is a suite of products for search applications backed by the Elastic Stack. ## Requirements -* 2 GB of free RAM, on top of the resources required by the other stack components and extensions +* 2 GB of free RAM, on top of the resources required by the other stack components and extensions. -App Search exposes the TCP port `3002` for its Web UI and API. +Enterprise Search exposes the TCP port `3002` for its Web UI and API. ## Usage -To include App Search in the stack, run Docker Compose from the root of the repository with an additional command -line argument referencing the `app-search-compose.yml` file: +### Generate an encryption key + +Enterprise Search requires one or more [encryption keys][enterprisesearch-encryption] to be configured before the +initial startup. Failing to do so prevents the server from starting. + +Encryption keys can contain any series of characters. Elastic recommends using 256-bit keys for optimal security. + +Those encryption keys must be added manually to the [`config/enterprise-search.yml`][config-enterprisesearch] file. By +default, the list of encryption keys is empty and must be populated using one of the following formats: + +```yaml +secret_management.encryption_keys: + - my_first_encryption_key + - my_second_encryption_key + - ... +``` + +```yaml +secret_management.encryption_keys: [my_first_encryption_key, my_second_encryption_key, ...] +``` + +> :information_source: To generate a strong encryption key, for example using the AES-256 cipher, you can use the +> OpenSSL utility or any other online/offline tool of your choice: +> +> ```console +> $ openssl enc -aes-256 -P +> +> enter aes-256-cbc encryption password: +> Verifying - enter aes-256-cbc encryption password: +> ... +> +> key= +> ``` + +### Start the server + +To include Enterprise Search in the stack, run Docker Compose from the root of the repository with an additional command +line argument referencing the `enterprise-search-compose.yml` file: ```console -$ docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml up +$ docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml up ``` Allow a few minutes for the stack to start, then open your web browser at the address http://localhost:3002 to see the -App Search home page. +Enterprise Search home page. -App Search is configured on first boot with the following default credentials: +Enterprise Search is configured on first boot with the following default credentials: -* user: *app_search* +* user: *enterprise_search* * password: *changeme* ## Security -The App Search password is defined inside the Compose file via the `APP_SEARCH_DEFAULT_PASSWORD` environment variable. -We highly recommend choosing a more secure password than the default one for security reasons. +The Enterprise Search password is defined inside the Compose file via the `ENT_SEARCH_DEFAULT_PASSWORD` environment +variable. We highly recommend choosing a more secure password than the default one for security reasons. -To do so, change the value `APP_SEARCH_DEFAULT_PASSWORD` environment variable inside the Compose file **before the first +To do so, change the value `ENT_SEARCH_DEFAULT_PASSWORD` environment variable inside the Compose file **before the first boot**: ```yaml -app-search: +enterprise-search: environment: - APP_SEARCH_DEFAULT_PASSWORD: {{some strong password}} + ENT_SEARCH_DEFAULT_PASSWORD: {{some strong password}} ``` -> :warning: The default App Search password can only be set during the initial boot. Once the password is persisted in -> Elasticsearch, it can only be changed via the Elasticsearch API. +> :warning: The default Enterprise Search password can only be set during the initial boot. Once the password is +> persisted in Elasticsearch, it can only be changed via the Elasticsearch API. -For more information, please refer to [Security and User Management][appsearch-security]. +For more information, please refer to [User Management and Security][enterprisesearch-security]. -## Configuring App Search +## Configuring Enterprise Search -The App Search configuration is stored in [`config/app-search.yml`][config-appsearch]. You can modify this file using -the [Default App Search configuration][appsearch-config] as a reference. +The Enterprise Search configuration is stored in [`config/enterprise-search.yml`][config-enterprisesearch]. You can +modify this file using the [Default Enterprise Search configuration][enterprisesearch-config] as a reference. You can also specify the options you want to override by setting environment variables inside the Compose file: ```yaml -app-search: +enterprise-search: environment: - app_search.auth.source: standard + ent_search.auth.source: standard worker.threads: '6' ``` -Any change to the App Search configuration requires a restart of the App Search container: +Any change to the Enterprise Search configuration requires a restart of the Enterprise Search container: ```console -$ docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml restart app-search +$ docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml restart enterprise-search ``` -Please refer to the following documentation page for more details about how to configure App Search inside a Docker -container: [Run App Search as a Docker container][appsearch-docker]. +Please refer to the following documentation page for more details about how to configure Enterprise Search inside a +Docker container: [Running Enterprise Search Using Docker][enterprisesearch-docker]. ## See also -[App Search Self-Managed documentation][appsearch-selfmanaged] +[Enterprise Search documentation][enterprisesearch-docs] -[config-appsearch]: ./config/app-search.yml +[config-enterprisesearch]: ./config/enterprise-search.yml -[appsearch-security]: https://swiftype.com/documentation/app-search/self-managed/security -[appsearch-config]: https://swiftype.com/documentation/app-search/self-managed/configuration -[appsearch-docker]: https://swiftype.com/documentation/app-search/self-managed/installation#docker -[appsearch-selfmanaged]: https://swiftype.com/documentation/app-search/self-managed/overview +[enterprisesearch-encryption]: https://www.elastic.co/guide/en/enterprise-search/current/encryption-keys.html +[enterprisesearch-security]: https://www.elastic.co/guide/en/workplace-search/current/workplace-search-security.html +[enterprisesearch-config]: https://www.elastic.co/guide/en/enterprise-search/current/configuration.html +[enterprisesearch-docker]: https://www.elastic.co/guide/en/enterprise-search/current/docker.html +[enterprisesearch-docs]: https://www.elastic.co/guide/en/enterprise-search/current/index.html diff --git a/extensions/enterprise-search/config/app-search.yml b/extensions/enterprise-search/config/app-search.yml deleted file mode 100644 index 4fa8a27..0000000 --- a/extensions/enterprise-search/config/app-search.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -## App Search core configuration -## https://swiftype.com/documentation/app-search/self-managed/configuration -# - -# IP address App Search listens on -app_search.listen_host: 0.0.0.0 - -# URL at which users reach App Search -app_search.external_url: http://localhost:3002 - -# Elasticsearch URL and credentials -elasticsearch.host: http://elasticsearch:9200 -elasticsearch.username: elastic -elasticsearch.password: changeme - -# Allow App Search to modify Elasticsearch settings. Used to enable auto-creation of Elasticsearch indexes. -allow_es_settings_modification: true diff --git a/extensions/enterprise-search/config/enterprise-search.yml b/extensions/enterprise-search/config/enterprise-search.yml new file mode 100644 index 0000000..891b510 --- /dev/null +++ b/extensions/enterprise-search/config/enterprise-search.yml @@ -0,0 +1,27 @@ +--- +## Enterprise Search core configuration +## https://www.elastic.co/guide/en/enterprise-search/current/configuration.html +# + +## --------------------- REQUIRED --------------------- + +# Encryption keys to protect application secrets. +secret_management.encryption_keys: + # add encryption keys below + #- add encryption keys here + +## ---------------------------------------------------- + +# IP address Enterprise Search listens on +ent_search.listen_host: 0.0.0.0 + +# URL at which users reach Enterprise Search +ent_search.external_url: http://localhost:3002 + +# Elasticsearch URL and credentials +elasticsearch.host: http://elasticsearch:9200 +elasticsearch.username: elastic +elasticsearch.password: changeme + +# Allow Enterprise Search to modify Elasticsearch settings. Used to enable auto-creation of Elasticsearch indexes. +allow_es_settings_modification: true diff --git a/extensions/enterprise-search/enterprise-search-compose.yml b/extensions/enterprise-search/enterprise-search-compose.yml index 1217544..cd58caa 100644 --- a/extensions/enterprise-search/enterprise-search-compose.yml +++ b/extensions/enterprise-search/enterprise-search-compose.yml @@ -1,19 +1,19 @@ version: '3.2' services: - app-search: + enterprise-search: build: - context: extensions/app-search/ + context: extensions/enterprise-search/ args: ELK_VERSION: $ELK_VERSION volumes: - type: bind - source: ./extensions/app-search/config/app-search.yml - target: /usr/share/app-search/config/app-search.yml + source: ./extensions/enterprise-search/config/enterprise-search.yml + target: /usr/share/enterprise-search/config/enterprise-search.yml read_only: true environment: JAVA_OPTS: -Xmx2g -Xms2g - APP_SEARCH_DEFAULT_PASSWORD: changeme + ENT_SEARCH_DEFAULT_PASSWORD: changeme ports: - '3002:3002' networks: